Spam's new nemesis: Trust-based messages

The other day I was reading Investors Business Daily and came across an article whose title you see in the subject line of this blog post.  The article is a Q&A Dave Crocker of BrandenBurg InternetWorking. 

If you're like me and too lazy to click the link and read the article, allow me to post a couple of important excerpts.


IBD: What's your solution [to the spam problem]?

Crocker:
You have to create what I call a trust overlay to the existing e-mail
system. Existing senders and receivers can continue to use e-mail as
before. All we're doing is adding a mechanism that lets them trust who
mail is from and (determine) whether that sender is trustworthy.

...

IBD: Why is adding a special domain name important in identifying whether an e-mail message is wanted or not?

Crocker:
Existing "reputation" based e-mail screening systems are based on very
low-level addressing numbers that say where a server is attached to the
Internet, rather than what organization is sending the message. DKIM
will identify the sender.

IBD: Can you give an example of how DKIM prevents the delivery of unwanted spam?

Crocker: A classic example of spam abuse involves eBay's
online payment system PayPal. Pay-Pal e-mail is often forged by hackers
or other bad actors. They might send it as "paypa1.com," a so-called
"cousin" domain that looks like the real one but is intended to confuse.

IBD: How does DKIM help?

Crocker:
If I have a DKIM signature that's signed (with the string for)
PayPal.com then it was really signed by PayPal.com and should be
received.

...

IBD: In practice, what difference would using a trust-based e-mail service make to a typical office e-mail system?

Crocker:
First-time senders wouldn't have their messages erroneously blocked.
E-mail would also be marked as "definitely good" rather than "possible
spam."

IBD: Are there any other advantages?

Crocker:
Graphics in incoming e-mail won't be turned off. As a matter of safety,
it's usually important to have e-mail graphics turned off because they
could be the basis for possible hacker attacks. But if messages are
marked as safe, the graphics are of no concern and can be shown.

 


In
my next post, I will respond to some of these comments.